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REMARKS / ARGUMENTS 



In response to the Office Action mailed June 14, 2006 ("the Office Action"), 
Applicants respectfully propose that this application be amended as set forth above and 
that the Examiner consider the following remarks. In the Office Action, the Examiner 
objected to claims 1 , 6, 7, 9, 11, and 12 due to informalities in the claim language. The 
Examiner also rejected claims 1-17 under 35 U.S.C. § 103(a) as being unpatentable 
over U.S. Patent No. 6,754,829 ("Butt") in view of U.S. Patent No. 6,591 ,231 
("Kurshan"). By this response, claims 1 , 6, 7, 9-12 and 17 have been amended to 
obviate the Examiner's objections. After entry of this paper, claims 1-17 will be pending 
in this application. Applicants hereby traverse the rejections of the pending claims. 



Claims 1 , 6, 7, 9, 1 1 , and 12 stand rejected because of informalities in the claims. 
In light of Applicants' amendments to the claims, Applicants respectfully request that the 
Examiner withdraw the objections to these claims. 

In addition to the corrections requested by the Examiner, Applicants have further 
modified claims 1 and 7 to recite "updating the authorization value being a monotone 
function," support for which may be found, for example, at page 16. Applicants have 
also deleted the term "fixpoint" from claim 1 and replaced it with the term "steady state," 
support for which may be found, for example, on page 18 of the application. 



Objection to Claims 1. 6, 7, 9. 11. and 12 
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Rejections Under 35 U.S.C. § 103(a) 



The Examiner rejected claims 1-17 under 35 U.S.C. § 103(a) as unpatentable 
over Butt in view of Kurshan. Neither Butt nor Kurshan, however, teach or disclose all 
elements of Applicants' claims. Moreover, no motivation exists to combine the two 
references. Accordingly, Applicants hereby traverse these rejections. 
Claims 1 and 7 

The Examiner rejected claims 1 and 7 under 35 U.S.C. § 103(a) as unpatentable 
over Butt in view of Kurshan. Amended claim 1 now recites a step for updating 
authorization values that is "a monotone function" and a step for "repeating said 
evaluating and updating steps until a steady state of said lattice of authorizations values 
is reached." Similarly, claim 7 now recites computer code for updating authorization 
values as a "monotone function" and computer code "for updating the authorization 
value of one or more principals in the set of principals until a steady state of said lattice 
of authorization values is reached." Applicants submit that neither Butt nor Kurshan 
discloses at least these elements. Applicants further submit that no motivation exists to 
combine Butt with Kurshan. 

Neither Reference Discloses All Elements of Applicants' Claimed Invention 
Butt discloses a method for an operator of a console to manage a device without 
regard to the operating systems being used. See Butt, col. 2:27-28. In this method, an 
operator of a first operating system obtains a session certificate from a trusted core of a 
device having a second operating system. See Butt, coL 2:28-31 . The operator then 
provides the session certificate, which authenticates the identity and group membership 
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of the operator, along with a managennent request to the device executing a third 
operating system. See Butt, col. 2:31-35. This device wil! then use the certificate to 
determine whether the authenticated operator has the necessary privileges to perform 
the management request. See Butt, col. 2:35-38. If the certificate does Indicate the 
necessary privileges to perfomi the management request, the method may then check a 
local access control list that may restrict otherwise valid operations. See Butt, col. 5:57- 
60. Butt, however, fails to teach or suggest steps for " repeating said evaluating and 
updating steps until a steady state of said lattice of authorizations values is reached" or 
for updating authorization values that is "a monotone function" as recited in Applicants' 
amended claim 1 . Further, Butt fails to teach or suggest computer code for updating 
authorization values as a "monotone function" or "for causing repeated execution of said 
computer code for . . . updating the authorization value of one or more principals in the 
set of principals until a steady state of said lattice of authorization values is reached" as 
recited in Applicants' amended claim 7. 

Kurshan fails to correct these deficiencies. Kurshan discloses a method for 
checking constructivity, or acyclic behavior, In computer-aided circuit designs. See, 
e.g., Kurshan, col. 1 :5; col. 1 :47-50; and coi. 2:36-40. As part of the method, Kurshan 
discloses a monotone function fon a complete partial order (CPO), the function /having 
a monotone property P. See Kurshan, col. 6:37-38. As noted in Kurshan, monotonicity 
implies the property whereby for u below v, the bottom of f*.u is below the bottom of f 
*.v. See Kurshan, col. 6:31-34. Thus, as used in Kurshan, the term monotonicity 
involves comparing the two outputs of a function~f *.u and /*.V"for two different inputs- 
u and V. As used in Applicants' claims, however, the term monotone function is used to 
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describe a feature of eacli authorization value when processing one electronic request. 
For example, in a monotonically increasing function, once an authorization Is granted by 
a principal, further processing by repeating the updating step for the one request will not 
indicate that the authorization should be denied by that principal. Likewise, in a 
monotonically decreasing function, once an authorization is denied by a principal, 
further processing by repeating the updating step for the one request will not indicate 
that the authorization should be granted by that principal. Thus, as used by Applicants, 
the term "monotone function" in this application describes a property of an authorization 
value when processing one input, not when processing two or more inputs. 
Accordingly, Kurshan fails to teach or suggest a step or computer code for updating the 
authorization values of the principals as a "monotone function" as recited in Applicants' 
amended claims 1 and 7. 

Kurshan further fails to teach or suggest a method that reaches a steady state. 
Kurshan does disclose a lemma using least fixedpoints. See Kurshan, col. 6:37-38. 
According to Kurshan, the fixed points of fare partially ordered by the below symbol (<=) 
so that the least fixed point occurs below any other fixed point. See Kurshan, col. 6:40- 
43. Kurshan, however, uses the temi "fix point" to describe a function f and value V 
where ^y) - v, (e.g. if f (x) - x^, then x= 1 would be a fixpoint because f (1) = 1). See 
Kurshan, col. 6:40-41 . Kurshan does not use the term fixpoint to describe a method or 
system that uses an iterative process to reach a steady state. Accordingly, Kurshan 
fails to teach or suggest steps for " repeating said evaluating and updating steps until a 
steady state of said lattice of authorizations values is reached" as recited in Applicants' 
amended claim 1 . Kurshan further fails to teach or suggest computer code "for causing 
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repeated execution of said computer code for . . . u pdating the authorization value of 
one or more principals in the set of principals until a steady state of said lattice of 
authorization values is reached" as recited in Applicants' amended claim 7. For at least 
these reasons, Applicants submit that claims 1 and 7 are patentable over the cited prior 
art. Applicants, therefore, respectfully request that the Examiner withdraw the rejections 
of and allow claims 1 and 7. 

No Motivation Exists to Combine Butt with Kurshan 

Applicants further submit that no motivation exists to combine the teachings of 
Butt with Kurshan. The Examiner must show that the prior art provides the reason or 
motivation to make the claimed combination. See f\/IPEP § 2143, The prior art relied 
upon by an Examiner must either be in the field of Applicants' endeavor or reasonably 
pertinent to the particular problem with which the inventor was concerned. See MPEP § 
2141 .01 . The motivation to combine the references cannot come from the applicant's 
own disclosure but must come from the prior art itself. See MPEP § 2143. 

Applicants first note that the two motivations listed by the Examiner in the Office 
Action to modify the teachings of Butt involve two characteristics already present in Butt 
but not present in Kurshan. See Office Action p. 8. Specifically, Butt already discloses 
a system that determines "whether the authenticated operator has necessary access 
privilege to perform the management request based at least in part on the authenticated 
group membership of the operator set forth in the operating system independent 
session certificate." Compare Office Action, p. 8 with Butt, col. 2:36-40. Butt also 
already discloses "providing remote-access to manageable devices across different 
operating systems, and more specifically, to using certificates with embedded 



-14- 



Appln. No. 09/863,199 

Amendment & Response to Office Action filed 09/13/06 
replying to Office Action of June 14, 2006 



PATENT 

Customer No. 22,852 
Attorney Docket No. 07451 .0034-00 
Intertrust Ref. No. IT-36.1 (US) 



cryptographic data to validate operator identity and access rights to remotely 
manageable devices." Compare Office Action, p. 8 with Butt, col. 1 :7-1 1 . Applicants 
submit, however, that the Examiner does not show how these two features of Butt 
provide any motivation to modify the disclosure of Butt with the disclosure of Kurshan. 

Applicants further submit that the art disclosed in Kurshan is neither in the 
Applicants' field of endeavor nor reasonably related to the pertinent problem addressed 
by Applicants. Kurshan generally discloses a method for identifying cyclicity in circuit 
designs, while Applicants' present claims involve systems and methods for making trust 
management decisions. Accordingly, Applicants respectfully submit that circuitry design 
is not within the general field of endeavor of the present application. Applicants also 
submit that a person faced with the issues of monotone functions and arriving at a 
steady state in a trust management system would not look to Kurshan, which involves 
preventing cyclicity and feedback loops from occurring in computer-aided circuit 
designs. Accordingly, Applicants respectfully submit that the teachings of Kurshan 
would not be within the knowledge of one skilled in the art of trust management 
systems. For these reasons, Applicants submit that one skilled in the art of trust 
management systems and faced with the same problems as Applicants would not be 
motivated to look to Kurshan for a solution or to combine Butt with Kurshan. 
Claim 2 

The Examiner also rejected claim 2 under 35 U.S.C. § 103(a) as unpatentable 
over Butt in view of Kurshan. Claim 2, which depends from claim 1 , recites a step for 
"constructing a dependency graph . . . containing a node corresponding to each 
principal in the set of principals; and assigning at least two nodes in the dependency 
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graph with a certificate that expresses a dependency of one node on the state of 
another node." in addition to the missing elements from claim 1 , Applicants further 
submit that neither Butt nor Kurshan discloses or suggests at least this additional 
element of claim 2. 

As stated above, Butt discloses a method for an operator of a console to manage 
a device without regard to the operating systems being used. See Butt, col. 2:27-28. In 
Butt, the certificate authority issues operating system independent certificates to 
operators of consoles to be used to authenticate the identity and group membership of 
the console operator. See Butt, col. 5:48-51 . The certificate is then checked against 
the access control list to determine if access should be granted. See Butt, col. 5:58-60. 
Butt, however, does not disclose that the current entries on the access control list 
depend on the state of other entries of the access control list, nor does Butt describe a 
dependency graph. Additionally, the section of Butt cited to by the Examiner (Butt, col. 
1 1 :43-67) describes a method for allowing a core to act as a proxy for the console 
operator. See Butt, col. 1 1 :26-27. In describing this proxy configuration, however, Butt 
does not disclose that the entries on the access list of the manageable device will 
depend on the current entries on the access control list, nor does this section describe 
or suggest the use of a dependency graph. Accordingly, in addition to the failure to 
teach or suggest all elements of claim 1 , Butt also at least fails to teach or suggest a 
step for "constructing a dependency graph . . . containing a node corresponding to each 
principal in the set of principals; and assigning at least two nodes in the dependency 
graph with a certificate that expresses a dependency of one node on the state of 
another node" as recited in Applicants' claim 2. 



-16- 



Appln. No. 09/863,199 

Amendment & Response to Office Action filed 09/1 3/06 
replying to Office Action of June 14, 2006 



PATENT 
Customer No. 22,852 
Attorney Docket No. 07451 .0034-00 
Intertrust Ref. No. IT-36.1 (US) 



Kurshan fails to remedy this deficiency. As noted by the Examiner, Kurshan 
does disclose a dependency graph in the Background of the Invention section of the 
patent, but in doing so, Kurshan teaches using the dependency graph to describe or 
specify one or more gates in a circuit design. See Kurshan col. 1 :6-10. Kurshan, 
however, fails to teach or suggest using a dependency graph in a system or method for 
making trust management decisions in which the nodes of the dependency graph 
correspond to principals. Accordingly, in addition to the failure to teach or suggest all 
elements of claim 1 , Kurshan also at least fails to teach or suggest a step for 
"constructing a dependency graph . . . containing a node corresponding to each 
principal in the set of principals; and assigning at least two nodes in the dependency 
graph with a certificate that expresses a dependency of one node on the state of 
another node" as recited in Applicants' claim 2. For at least the reasons listed in 
connection with claims 1 and 2, Applicants submit that claim 2 is patentable over the 
cited prior art. Applicants, therefore, respectfully request that the Examiner withdraw 
the rejection of and allow claim 2. 
Claim 3 

The Examiner rejected claim 3, stating, "This claim has limitations that is similar 
to those of claim 1 , thus it is rejected with the same rationale applied against claim 1 
above." See Office Action, p. 9. Applicants, however, submit that in addition to not 
disclosing all elements of amended claim 1 , neither Butt nor Kurshan discloses or 
suggests a method "in which said updating is performed after all of the certificates have 
been evaluated" as cited in Applicants' claim 3. 
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As stated above in connection to claims 1 and 2, Applicants submit that Butt fails 
to disclose a trust management system in which the entries on the access list of the 
manageable device will depend on the current entries on the access control list. 
Additionally, because the entries on the access list are not disclosed as changing, Butt 
also does not disclose a step for updating the entries on the access list. Accordingly, in 
addition to failing to disclose all elements in amended claim 1 , Butt fails to teach or 
suggest a method "in which said updating is performed after all of the certificates have 
been evaluated" as cited in Applicants' claim 3. 

Kurshan falls to remedy this deficiency. As stated above in connection with 
claims 1 and 2, Kurshan fails to disclose a system in which an iterative process is used 
to update authorization values of one or more principals in a computer implemented 
authorization system. Accordingly, in addition to failing to disclose all elements in 
amended claim 1 , Kurshan further fails to teach or suggest a method "in which said 
updating is performed after ail of the certificates have been evaluated" as cited in 
Applicants' claim 3. Applicants submit that claim 3 is patentable over the cited prior art 
for at least the reasons listed for claims 1 and 3. Applicants, therefore, respectfully 
request that the Examiner withdraw the rejection of and allow claim 3. 
Claims 4-6 

Claims 4-6 depend from and include all limitations of Applicants' amended claim 
1 and are patentable for at least the reasons listed above for amended claim 1 . 
Applicants, therefore, respectfully request that the Examiner withdraw the rejections of 
claims 4-6 and allow these claims. 
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Claim 8 



Claim 8 depends from and includes all limitations of Applicants' amended claim 
7. Accordingly, claim 8 is patentable for at least the reasons listed above for amended 
claim 7. Applicants, therefore, respectfully request that the Examiner withdraw the 
rejection of and allow claim 8. 



The Examiner rejected claim 9 as unpatentable over Butt in view of Kurshan. As 
discussed above in connection with claims 1 and 7, Applicants submit that neither Butt 
nor Kurshan discloses or suggests "creating a lattice of monotone authorization values" 
as recited in Applicants' amended claim 9. Additionally, Applicants submit that neither 
Butt nor Kurshan discloses or suggests at least "identifying a root principal from whom 
authorization is needed in order to grant the request" nor does either reference disclose 
"performing at least a portion of a least fixpoint computation over said authorization 
values" as recited in Applicants' amended claim 9. 

Butt discloses a system and method that "checks the account information 
embedded in the certificate to the access control list governing access to the requested 
feature." See Butt col. 4:1 8-20. Butt fails to disclose a method or system for identifying 
an entry in the access control list from whom authorization is needed. Further, as 
stated earlier by Applicants when discussing claim 1 , Butt fails to disclose a method or 
system in which the entries on the access control list are updated. Accordingly, Butt 
fails to teach or suggest "identifying a root principal from whom authorization is needed 
in order to grant the request" and "performing at least a portion of a least fixpoint 
computation over said authorization values" as recited in Applicants' amended claim 9. 



Claim 9 
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Kurshan fails to remedy this defect. Because Kurshan does not disclose the use 
of access lists, Kurshan likewise fails to disclose a method or system in which the 
entries of the access list, including a root principal, are updated. Further, Kurshan 
discloses a method for using the least fixed point in a method for identifying cyclicity in a 
circuit design. See Kurshan col. 6:40-45. As used by Kurshan, a fixed point is defined 
as a value V such that for a function f, /(v) = v. See Kurshan col. 6:40-41 . Thus, 
Kurshan uses the term fixed point to indicate discrete values or vectors that have this 
property. Applicants, however, use the term "fixed point" to describe a system in which 
no further processing is required. Accordingly, Kurshan fails to teach or suggest 
"identifying a root principal from whom authorization is needed in order to grant the 
request" and "performing at least a portion of a least fixpoint computation over said 
authorization values" as recited in Applicants' amended claim 9. For at least these 
reasons. Applicants respectfully submit that claim 9 is patentable over the cited prior art 
and respectfully request that the Examiner withdraw the rejection of and allow claim 9. 
Claim 10 

The Examiner also rejected claim 10 as unpatentable over Butt in view of 
Kurshan. As discussed above in connection with claims 1 , 7, and 9, Applicants submit 
that neither Butt nor Kurshan discloses "creating a lattice of monotone authorization 
values" as recited in Applicants' amended claim 10. Additionally, as discussed above in 
connection with claim 9, Applicants also submit that neither Butt nor Kurshan discloses 
"performing least fixed point computations using said authorization values" as recited in 
Applicants' amended claim 10. Finally, as discussed above in connection with claim 1 
and 7, Applicants respectfully submit that no motivation exists for Butt to be combined 
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with Kurshan as proposed by the Examiner. For at least these reasons, Applicants 
respectfully submit that claim 10 is patentable over the cited prior art and respectfully 
request that the Examiner withdraw the rejection of and allow claim 10. 
Claims 11-16 

Claims 11-16 depend from and Include all limitations of amended claim 10 and 
are patentable for at least the reasons listed above for amended claim 10. Applicants, 
therefore, respectfully request that the Examiner withdraw the rejections of claims 11-16 
and allow these claims. 
Claim 17 

The Examiner rejected claim 17 as unpatentable over Butt in view of Kurshan for 
essentially the same reasons as listed for rejecting claim 10. As discussed above in 
connection with claims 1 , 7, and 9, however, Applicants submit that neither Butt nor 
Kurshan teaches or suggests "defining said authorization values in said certificates 
using monotone authorization values" nor does either cited reference teach or suggest 
"computing a fixpoint, or an approximation thereof" as recited in Applicants' claim 17. 
Applicants, therefore, respectfully submit that claim 17 is patentable over the cited prior 
art for at least these reasons and request that the Examiner withdraw the rejection of 
and allow claim 17. 
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CONCLUSION 



Please grant any extensions of time required to enter this response and charge 
any additional required fees to our Deposit Account No. 06-091 6, 



Finnegan, Henderson, Farabow 

Garrett & Dunner, LLP. 
901 New York Ave., N.W. 
Washington, D.C. 20001 
(202) 408-4000 



Respectfully submitted, 



FiNNEGAN, HENDERSON, FARABOW, 
GARRETT & DUNNER, LLP. 



Dated: September 13, 2006 




JeWte^Danley ^ 
Reg. No. 57,228 
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